From 96fb769cb91ffe7016cd7dc5f97ae8111b7221f9 Mon Sep 17 00:00:00 2001 From: David Smith Date: Thu, 10 Sep 2009 12:39:11 -0500 Subject: Added blurb about the ring_buffer transport. --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 007d89e0..70287a48 100644 --- a/NEWS +++ b/NEWS @@ -65,6 +65,11 @@ SYSTEMTAP_RUNTIME, SYSTEMTAP_TAPSET, SYSTEMTAP_DEBUGINFO_PATH - nss and nss-tools are required to use this feature. +- A new experimental transport mechanism, using ftrace's ring_buffer, + has been added. This may become the default transport mechanism in + future versions of systemtap. To test this new transport mechanism, + define 'STP_USE_RING_BUFFER'. + * What's new in version 0.9.9 - Systemwide kernel .function.return (kretprobe) maxactive defaults may -- cgit From 20ab90b5217b3e294cef1f845bc9a794b365a983 Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Mon, 14 Sep 2009 15:46:34 -0400 Subject: Authorize new certificates created for servers started by root as authorized signers. Update NEWS with the latest usage infor for --unprivileged. --- NEWS | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 77873950..f7af30f1 100644 --- a/NEWS +++ b/NEWS @@ -39,17 +39,23 @@ - Using the --unprivileged option on stap enables translation-time checking for use by unprivileged users (see restrictions below). - All modules deemed suitable for use by unprivileged users will be signed - by stap (see module signing in release 0.9.8 below). - - Modules signed by trusted users and verified by staprun will be loaded by + by stap-server (see module signing in release 0.9.8 and stap-server in + release 0.9 below). + - Modules signed by trusted signers and verified by staprun will be loaded by staprun regardless of the user's privilege level. - - The system administrator asserts the trustworthiness of a user by running + - The system administrator asserts the trustworthiness of a signer by running stap-authorize-signing-cert as root, where can - be found in ~/.systemtap/ssl/server/stap.cert. + be found in ~/.systemtap/ssl/server/stap.cert for servers started by + ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for servers + started by root. + - Servers started by root are automatically authorized as trusted signers on + the local host. - Restrictions are intentionally strict at this time and will be relaxed in the future: - probe points are restricted to: - begin, begin(n), end, end(n), error(n), never, - timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n) + begin, begin(n), end, end(n), error, error(n), never, + timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n), + process.* (for processes owned by the user). - embedded C code is not allowed. - use of tapset functions using embedded C code is restricted. - accessing the kernel memory space is not allowed. -- cgit From b232fab3a271c4c787462295d7ffbeca750c1092 Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Mon, 14 Sep 2009 15:52:10 -0400 Subject: Firther updates to NEWS regarding signing and unprivileged users. --- NEWS | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index f7af30f1..0b170732 100644 --- a/NEWS +++ b/NEWS @@ -39,24 +39,24 @@ - Using the --unprivileged option on stap enables translation-time checking for use by unprivileged users (see restrictions below). - All modules deemed suitable for use by unprivileged users will be signed - by stap-server (see module signing in release 0.9.8 and stap-server in - release 0.9 below). - - Modules signed by trusted signers and verified by staprun will be loaded by - staprun regardless of the user's privilege level. - - The system administrator asserts the trustworthiness of a signer by running - stap-authorize-signing-cert as root, where can - be found in ~/.systemtap/ssl/server/stap.cert for servers started by - ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for servers - started by root. + by stap-server when --unprivileged is specified on stap-client (see module + signing in release 0.9.8 and stap-server in release 0.9 below). + - Modules signed by trusted signers (servers) and verified by staprun will be + loaded by staprun regardless of the user's privilege level. + - The system administrator asserts the trustworthiness of a signer (server) by + running stap-authorize-signing-cert as root, where + can be found in ~/.systemtap/ssl/server/stap.cert for servers started + by ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for + servers started by root. - Servers started by root are automatically authorized as trusted signers on the local host. - - Restrictions are intentionally strict at this time and will be relaxed in + - Restrictions are intentionally strict at this time and may be relaxed in the future: - probe points are restricted to: begin, begin(n), end, end(n), error, error(n), never, timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n), process.* (for processes owned by the user). - - embedded C code is not allowed. + - use of embedded C code is not allowed. - use of tapset functions using embedded C code is restricted. - accessing the kernel memory space is not allowed. - The following command line options may not be used: @@ -142,7 +142,7 @@ syscall arguments are also available by name in nd_syscalls. - Module signing: If the appropriate nss libraries are available on your - system, stap will sign each compiled module using a self-generated + system, stap-server will sign each compiled module using a self-generated certificate. This is the first step toward extending authority to load certain modules to unprivileged users. For now, if the system administrator adds a certificate to a database of trusted signers -- cgit From 8faf4a73f94f70f72537b4f4fbd5830ca4dd17c6 Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Mon, 14 Sep 2009 17:53:40 -0400 Subject: Move --unprivileged support news to the top. --- NEWS | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index e0c888f2..b31eaaf7 100644 --- a/NEWS +++ b/NEWS @@ -1,32 +1,5 @@ * What's new -- Memory consumption for scripts involving many uprobes has been - dramatically reduced. - -- The preprocessor now supports || and && in the conditions. - %( arch == "x86_64" || arch == "ia64" %: ... %) - -- It is now possible to cross-compile systemtap scripts for foreign - architectures, using the new '-a ARCH' and '-B OPT=VALUE' flags. - For example, put arm-linux-gcc etc. into your $PATH, and point - systemtap at the target kernel build tree with: - stap -a arm -B CROSS_COMPILE=arm-linux- -r /build/tree [...] - The -B option is passed to kbuild make. -r identifies the already - configured/built kernel tree and -a its architecture (kbuild ARCH=...). - Systemtap will infer -p4. - -- The systemtap notion of "architecture" now matches the kernel's, rather - than that of "uname -m". This means that 32-bit i386 family are all - known as "i386" rather than "i386" or "i686"; "ppc64" as "powerpc"; - "s390x" as "s390", and so on. This is consistent between the new - "-a ARCH" flag and the script-level %( arch ... %) conditional. - -- It is now possible to define multiple probe aliases with the same name. - A probe will expand to all matching aliases. - probe foo = bar { } - probe foo = baz { } - probe foo { } # expands twice, once to bar and once to baz - - Support for unprivileged users: ***************************************************************************** * WARNING!!!!!!!!!! @@ -71,6 +44,33 @@ SYSTEMTAP_RUNTIME, SYSTEMTAP_TAPSET, SYSTEMTAP_DEBUGINFO_PATH - nss and nss-tools are required to use this feature. +- Memory consumption for scripts involving many uprobes has been + dramatically reduced. + +- The preprocessor now supports || and && in the conditions. + %( arch == "x86_64" || arch == "ia64" %: ... %) + +- It is now possible to cross-compile systemtap scripts for foreign + architectures, using the new '-a ARCH' and '-B OPT=VALUE' flags. + For example, put arm-linux-gcc etc. into your $PATH, and point + systemtap at the target kernel build tree with: + stap -a arm -B CROSS_COMPILE=arm-linux- -r /build/tree [...] + The -B option is passed to kbuild make. -r identifies the already + configured/built kernel tree and -a its architecture (kbuild ARCH=...). + Systemtap will infer -p4. + +- The systemtap notion of "architecture" now matches the kernel's, rather + than that of "uname -m". This means that 32-bit i386 family are all + known as "i386" rather than "i386" or "i686"; "ppc64" as "powerpc"; + "s390x" as "s390", and so on. This is consistent between the new + "-a ARCH" flag and the script-level %( arch ... %) conditional. + +- It is now possible to define multiple probe aliases with the same name. + A probe will expand to all matching aliases. + probe foo = bar { } + probe foo = baz { } + probe foo { } # expands twice, once to bar and once to baz + - A new experimental transport mechanism, using ftrace's ring_buffer, has been added. This may become the default transport mechanism in future versions of systemtap. To test this new transport mechanism, -- cgit